From 33223fffa6588359b4e85f8f6c8e7c339ca34461 Mon Sep 17 00:00:00 2001
From: Filip Skokan <panva.ip@gmail.com>
Date: Tue, 15 Dec 2020 10:39:50 +0100
Subject: [PATCH] fix: check DPoP htm as case-sensitive

---
 lib/helpers/oidc_context.js | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/lib/helpers/oidc_context.js b/lib/helpers/oidc_context.js
index 7aaf2219d..e801acb53 100644
--- a/lib/helpers/oidc_context.js
+++ b/lib/helpers/oidc_context.js
@@ -135,8 +135,7 @@ module.exports = function getContext(provider) {
           throw new Error('must have a jti string property');
         }
 
-        // HTTP Methods are case-insensitive
-        if (String(payload.htm).toLowerCase() !== this.ctx.method.toLowerCase()) {
+        if (payload.htm !== this.ctx.method) {
           throw new Error('htm mismatch');
         }